Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp979035pxp; Wed, 16 Mar 2022 23:17:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwIrWO/R2OKO18FlXflGoCIfE4Cc8hDpiF+4ef1HgIOkg00oUZ/VZdd1DC5K0yldO+xKWZ4 X-Received: by 2002:a17:90a:4749:b0:1be:ea64:4348 with SMTP id y9-20020a17090a474900b001beea644348mr13947101pjg.231.1647497861860; Wed, 16 Mar 2022 23:17:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1647497861; cv=pass; d=google.com; s=arc-20160816; b=v5d5tCCUAUdKZjvVWeKn9gLPKFbXZ6Yo9qyx1b1+amKHLwCsRnP1QtYZ7xyVQaPCi0 sAX9xbUECNP9CyS2a6QM6IHvwHqbTINMeY+bEhcNrSKcelo3wlAgz2KkKcM6okmsazuz TALdU7nLHLZJ6X5zAXwC4uMBNlzFrQ+9ytl9kR/rBc3hZxt+Ea5rJqAyLD+pplDLmvR8 jPBViNqNASttasPzIVYO8w8+77XwKXp2NU0qHp6prKLhL1Kzhal7Wq7BZO4AysXHwacm 8qJWFVUKE7xvHYCoqmCrZ+1KFOl84FwITP599x+wUfcc3Em5CV/enRabDLb1qJqaLWI/ LoaQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=uQhyjB8j73qzl+ChbP8kn0vO6yWGcJ/9Sw43XmwkW0w=; b=CGy2X4MFl2rWtMHDvBm/U4WtZ3+qOzufi4P3eQZWhtKRVH0AAm206Humzg8AeiUM1+ HTQb8ZEeQrFxRneGjMPPCYw4ap1F9nKIREkAd50kY6UtoA1l++qhoPMaJoB89QVRFXW6 YWU9r56x+xc9WhJ1tIUFcJ6L5e1+4kSZ+mUXpG2XZkgq5/MnRGalptuyjKndYMmDJgM7 7fCEv/gNQTnPBt+WWVRv+R4fytAve8JZ7dEax8I3lJbk7Fdij6oznGGHcKV25UDXQa6u LLH05385Rvxyo9oAcM7ryGmlWhbb39WFEXmpnYYzac7fLUmqjEbUBIXBNfhWFPnBjDAC xE8A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@iki.fi header.s=meesny header.b=qtgMfRcX; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id c1-20020a170902d48100b00151dd6041a6si4329757plg.59.2022.03.16.23.17.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:17:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@iki.fi header.s=meesny header.b=qtgMfRcX; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 85599193B5F; Wed, 16 Mar 2022 22:01:30 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235895AbiCNDem (ORCPT + 99 others); Sun, 13 Mar 2022 23:34:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231858AbiCNDei (ORCPT ); Sun, 13 Mar 2022 23:34:38 -0400 Received: from meesny.iki.fi (meesny.iki.fi [195.140.195.201]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BAAF86144; Sun, 13 Mar 2022 20:33:25 -0700 (PDT) Received: from localhost (91-154-92-187.elisa-laajakaista.fi [91.154.92.187]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: sakkinen) by meesny.iki.fi (Postfix) with ESMTPSA id 9CDFE200B9; Mon, 14 Mar 2022 05:33:23 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1647228803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=uQhyjB8j73qzl+ChbP8kn0vO6yWGcJ/9Sw43XmwkW0w=; b=qtgMfRcX/anqtLCrek/LRwovjkV4rOYVySov8PlNI3nvO0kkuvNbvQb6lb+g3Yb2nlwZbu 3fsuK7vwA1IIptx4tGLclTjNt0rXnXLk/snLB4hEcEzENnMvdTT86hkH9XiU/uvv4O823Z yf4zB5xs3eY7o6/sCtZ13w1xb/4tM4g= Date: Mon, 14 Mar 2022 05:32:39 +0200 From: Jarkko Sakkinen To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, James Morris , David Howells , Peter Huewe , Jason Gunthorpe Subject: [GIT PULL] TPM DEVICE DRIVER updates for v5.18 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=sakkinen smtp.mailfrom=jarkko.sakkinen@iki.fi ARC-Seal: i=1; s=meesny; d=iki.fi; t=1647228803; a=rsa-sha256; cv=none; b=VkNC55aZDMNRTZe+joMuK+lUobPyayMtVcgd8DvapbiJacXtQCdhCQULukkb4i1wt5u4XT 3K13qkpzNve6+K8FkgUP1XHqTch9oEsXZLiPhuHG6ErVrqKGxoX04tKMGZu5tN0kBr75nJ b7JUUA8GNK3PIW0LqOMKQPws4jqbGhM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=meesny; t=1647228803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=uQhyjB8j73qzl+ChbP8kn0vO6yWGcJ/9Sw43XmwkW0w=; b=s0jz8gNi6Ri+XWWPt/Y18RxoBAOBZiKT6ExSRpRIHDhbUbfAdxDp0RfowlVOyj77wGmuGc WuyB3y3KbO1jv7Ycd+duiT1WK909IzoXSnCYkf1u1tEwgsD76O1TG9zCEMAfdUkQsOnB/F 46PHXqTd1QYur8A9b89aozdtzYJac+Y= X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following changes since commit ea4424be16887a37735d6550cfd0611528dbe5d9: Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux (2022-03-07 11:43:22 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git/ tags/tpmdd-next-v5.18-v2 for you to fetch changes up to fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9: tpm: use try_get_ops() in tpm-space.c (2022-03-10 01:47:25 +0200) ---------------------------------------------------------------- tpmdd updates for Linux v5.18 ---------------------------------------------------------------- Andreas Rammhold (1): KEYS: trusted: Fix trusted key backends when building as module Dave Kleikamp (1): KEYS: trusted: Avoid calling null function trusted_key_exit Eric Biggers (8): KEYS: fix length validation in keyctl_pkey_params_get_2() KEYS: x509: clearly distinguish between key and signature algorithms KEYS: x509: remove unused fields KEYS: x509: remove never-set ->unsupported_key flag KEYS: x509: remove dead code that set ->unsupported_sig KEYS: remove support for asym_tpm keys KEYS: asymmetric: enforce that sig algo matches key algo KEYS: asymmetric: properly validate hash_algo and encoding Eric Snowberg (8): integrity: Fix warning about missing prototypes integrity: Introduce a Linux keyring called machine integrity: add new keyring handler for mok keys KEYS: store reference to machine keyring KEYS: Introduce link restriction for machine keys efi/mokvar: move up init order integrity: Trust MOK keys if MokListTrustedRT found integrity: Only use machine keyring when uefi_check_trust_mok_keys is true Gustavo A. R. Silva (1): tpm: xen-tpmfront: Use struct_size() helper James Bottomley (1): tpm: use try_get_ops() in tpm-space.c Lino Sanfilippo (1): tpm: fix reference counting for struct tpm_chip Stefan Berger (1): selftests: tpm2: Determine available PCR bank Tadeusz Struk (2): tpm: Fix error handling in async work selftests: tpm: add async space test with noneexisting handle certs/system_keyring.c | 44 +- crypto/asymmetric_keys/Kconfig | 21 - crypto/asymmetric_keys/Makefile | 12 - crypto/asymmetric_keys/asym_tpm.c | 957 --------------------- crypto/asymmetric_keys/pkcs7_verify.c | 13 +- crypto/asymmetric_keys/public_key.c | 126 ++- crypto/asymmetric_keys/tpm.asn1 | 5 - crypto/asymmetric_keys/tpm_parser.c | 102 --- crypto/asymmetric_keys/x509.asn1 | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 34 +- crypto/asymmetric_keys/x509_parser.h | 1 - crypto/asymmetric_keys/x509_public_key.c | 24 - drivers/char/tpm/tpm-chip.c | 46 +- drivers/char/tpm/tpm-dev-common.c | 8 +- drivers/char/tpm/tpm.h | 2 + drivers/char/tpm/tpm2-space.c | 73 +- drivers/char/tpm/xen-tpmfront.c | 8 +- drivers/firmware/efi/mokvar-table.c | 2 +- include/crypto/asym_tpm_subtype.h | 19 - include/keys/system_keyring.h | 14 + security/integrity/Kconfig | 13 + security/integrity/Makefile | 1 + security/integrity/digsig.c | 15 +- security/integrity/integrity.h | 17 +- .../integrity/platform_certs/keyring_handler.c | 18 +- .../integrity/platform_certs/keyring_handler.h | 5 + security/integrity/platform_certs/load_uefi.c | 4 +- .../integrity/platform_certs/machine_keyring.c | 77 ++ security/keys/keyctl_pkey.c | 14 +- security/keys/trusted-keys/trusted_core.c | 6 +- tools/testing/selftests/tpm2/tpm2.py | 31 + tools/testing/selftests/tpm2/tpm2_tests.py | 45 +- 32 files changed, 486 insertions(+), 1273 deletions(-) delete mode 100644 crypto/asymmetric_keys/asym_tpm.c delete mode 100644 crypto/asymmetric_keys/tpm.asn1 delete mode 100644 crypto/asymmetric_keys/tpm_parser.c delete mode 100644 include/crypto/asym_tpm_subtype.h create mode 100644 security/integrity/platform_certs/machine_keyring.c